woodpecker

v3.14.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 22d Pipelines

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

automation ci-cd devops docker kubernetes woodpeckerci

Affected surfaces

auth

ReleasePort's take

Light signal

editorial:auto 13d

The v3.14.1 release fixes a vulnerability that allowed spoofing of agent_id on the server and agent.

Why it matters: Patch to v3.14.1 immediately to block agent_id spoofing attacks.

Summary

AI summary

Prevent spoofing of agent_id on the server.

Changes in this release

Type	Severity	Summary	CVE
Security	Medium	Server prevents agent_id spoofing vulnerability Server prevents agent_id spoofing vulnerability Source: llm_adapter@2026-05-21 Confidence: low	—

Full changelog

3.14.1 - 2026-05-12

❤️ Special thanks the security researchers and those who fixed them ❤️

Thanks to Shivam Kumar (@shivamkumarcyber) and
Ranganatha Rao Sridhar (Praetorian) independently finding and reporting the bug
And @6543 fixing the bugs and orchestrating the communication

🔒 Security

Server: make sure agent_id can not be spoofed by agent [#6567]

Security Fixes

Server: agent_id cannot be spoofed by an agent

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track woodpecker

Get notified when new releases ship.

About woodpecker

Woodpecker is a simple, yet powerful CI/CD engine with great extensibility.

All releases →